Bugtraq mailing list archives

Re: Sql Injection and Path Disclosoure Wordpress v2.0.5

From: "Paul Robertson" <compuwar () gmail com>
Date: Thu, 7 Sep 2006 11:30:45 -0400

On 6 Sep 2006 17:26:18 -0000, vannovax () gmail com <vannovax () gmail com> wrote:

Version Afected: v2.0.5 - v2.0.2


For Version v2.0.2


index.php?paged=-25633&header.php?=-id


Isn't this the exact same bug reported on Bugtraq in early July by
zero in 2.0.3?



For Version v2.0.5

index.php?paged=/archive/-1-5-2-Create%20Table


The Wordpress folks tell me there isn't a version 2.0.5, 2.0.4 is the
latest release and the subversion code isn't numbered that way.  Is it
possible the OP got the version string wrong?

Thanks,

Paul
--
fora.compuwar.net

Current thread:

Sql Injection and Path Disclosoure Wordpress v2.0.5 vannovax (Sep 06)
- Re: Sql Injection and Path Disclosoure Wordpress v2.0.5 Paul Robertson (Sep 07)
- <Possible follow-ups>
- Re: Re: Sql Injection and Path Disclosoure Wordpress v2.0.5 vanovax (Sep 08)
  - Re: Re: Sql Injection and Path Disclosoure Wordpress v2.0.5 Paul Robertson (Sep 11)